Re: Crowd funding the Odoo Penetration Test - is now LIVE

I have just launched the Odoo security audit crowd funding
campaign, you can access it on Indiegogo here: http://igg.me/at/odoo-security/
and it has already received the first contribution!

With any crowd funding campaign, momentum drives more funding. To
that end, I would be really grateful for anyone considering
funding the project, that you do so over the next week or two. The
more people learn about this project, the greater the interest
will be outside the Odoo communities, and ultimately more
awareness of Odoo and the security issues of ERP.

The campaign page has a lot of detail of the testing process and
how the funds will be spent. I would welcome feedback, critique or
anything else that would help improve the potential and coverage
of the project.

I would also welcome discussions from any partners interested in
getting more involved.

Best regards,

Stuart.

PS The hashtag #SecureERP has been used on social networks.

<blockquote cite="mid:558D141B.6020004@opusvl.com" type="cite">

Dear all,

As you've seen in recent threads, we've been raising with Odoo a
number of security issues that we've come across with, for which
patches have been published. Still, it raises the question of
how secure is Odoo.

As a long-running partner with a reputation to maintain, we want
Odoo to be safe, and for this reason we contacted NCC (leader in
security auditing of software) to do a professional security
audit of Odoo or "Penetration Test".

Odoo is fully supportive of our initiative, as we are after all
working towards the same goal: Increasing security & raising
Odoo's profile.
NCC will raise awareness of the activity through their global
network and we have also engaged a PR company to optimise the
reach of this initiative through national press.

To fund this professional audit, we will launch an IndieGoGo
campaign and hope you will all support us.

The funding campaign will run to the end of July as the test is
booked for August.

The test plan

The test Odoo is Version 8 installed on an up to date Debian
platform. It has the base set of standard modules installed
including:

This campaign will benefit all of us, so I hope you are able to
support it, and if not, at least spread the word.

I will be posting a link with full details of the campaign to
this thread as soon as the campaign is launched, and will keep
everyone updated regularly.

As with any crowd funding campaign, the first few weeks are
critical to draw the interest of others outside the immediate
group so it would be really good if you can join in, even if it
is just a small amount.

With your support we can put Odoo ahead of the other ERP systems
in security as it already is with functionality, and
significantly increase the quantity of people aware of Odoo.